Over 30% UPI frauds in 3 states

Source: The post is based on the article “Over 30% UPI frauds in 3 states” published in Business Standard on 7^th September 2023.

Syllabus: GS 3 – Internal Security – Cyber Security

Relevance: concerns with increasing digital banking/UPI frauds

News: India recently reached a significant milestone of 10 billion Unified Payments Interface (UPI) transactions, indicating the growing popularity of digital payments. However, this increase has also led to an increase in fraud cases.

What are some of the findings of the fraud cases related to UPI/digital banking?

India has witnessed an increase in UPI frauds, with over 30% originating from Uttar Pradesh, Gujarat, and West Bengal, and approximately 55% of all reported digital payment frauds being UPI-related.

The majority of these UPI frauds (50%) involve sums below ₹10,000, with an estimated average of 80,000 UPI frauds occurring each month in India.

A trend of fraudulent UPI apps, posing as authorized users, has emerged. These deceptive apps are employed for defrauding individuals through methods like phishing, malware, UPI ID spoofing, and device monitoring.

According to an RBI report, digital banking fraud surged from 3,596 cases with losses of approximately ₹155 crore in FY22 to 6,659 cases amounting to ₹276 crore in FY23.

Experts also warn that fraudsters may soon utilize artificial intelligence (AI) and machine learning (ML) to cheat users. These evolving threats could make it more challenging to identify phishing emails.

What measures have already been taken to prevent digital frauds?

First, the National Payments Corporation of India (NPCI) has implemented a 24×7 monitoring system with an average response time of 24 hours to combat these threats.

Second, banks are mandated to provide Fraud Monitoring Returns within three weeks of detecting fraud, regardless of the amount involved.

Third, the RBI has issued third-party outsourcing guidelines to prompt the fintech ecosystem to invest in security and improve processes.

Fourth, bodies such as the Central Fraud Registry, Centralised KYC Registry, Central Payments Fraud Information Registry had been established to report information on data and fraud.

What more can be done to prevent digital banking frauds?

The following measures can be taken by users to prevent digital frauds:

1. Users should practice digital safety by safeguarding their UPI PIN, never sharing sensitive information such as OTP or UPI PIN, and enabling two-factor authentication (2FA) for enhanced security.
2. Reviewing transaction history for unauthorized activity is crucial.
3. Invest in reputable paid antivirus software, avoid malicious downloads, and use unique passwords for different platforms.
4. Report fraud incidents promptly to authorities, financial institutions, and regulators for swift action.
5. Digital forensics may be used to investigate and analyze IP addresses, email headers, and other digital traces to identify fraudsters.
6. Payments service providers, app developers, and operators should improve their technology to identify and prevent irregularities.
7. Set transaction limits based on user risk profiles and implement extra authentication for high-value transactions.
8. Use AI and ML algorithms to spot anomalies.
9. Ensure secure, updated Application Programming Interfaces (APIs) for UPI integration and invest in data encryption for user data protection.